ajinabraham.njsscan.xss.xss_templates.handlebars_noescape

Author: ajinabraham

Disabling HTML escaping in Handlebars by compiling a template with noEscape: true is not a secure behaviour: every {{expression}} in that template is then rendered raw, so any untrusted data reaching the template can introduce XSS vulnerabilities.


Definition

rules:
  - id: handlebars_noescape
    patterns:
      - pattern: |
          $X.compile(..., {noEscape: true}, ...)
    message: Disabling Escaping in Handlebars is not a secure behaviour. This can
      introduce XSS vulnerabilities.
    languages:
      - javascript
    severity: ERROR
    metadata:
      owasp-web: a1
      cwe: cwe-80
      license: LGPL-3.0-or-later
      vulnerability_class:
        - Other
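As an added example (not code from njsscan or from Handlebars itself), the script below shows what the flagged option changes. It uses a minimal stand-in compile() that mimics only the {{name}} and {{{name}}} lookups of Handlebars on a flat context, so it runs offline without the handlebars package; the template, context and attacker string are constructed. Assumption: the entity set used for escaping is the one Handlebars 4's escapeExpression uses.

```javascript
// Added example, not part of njsscan or Handlebars. A minimal stand-in for
// Handlebars.compile() that supports {{name}} (escaped by default) and
// {{{name}}} (always raw) on a flat context, so the effect of {noEscape: true}
// can be seen offline. Assumption: the entity set below is the one Handlebars 4
// uses in escapeExpression.
const ESCAPES = {
  '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;',
  "'": '&#x27;', '`': '&#x60;', '=': '&#x3D;',
};

function escapeExpression(value) {
  return String(value).replace(/[&<>"'`=]/g, (ch) => ESCAPES[ch]);
}

// Mimics the one option the rule cares about: noEscape turns off escaping for
// every {{expr}} in the template, not just a single expression.
function compile(source, options = {}) {
  const noEscape = options.noEscape === true;
  const MUSTACHE = /\{\{\{\s*(\w+)\s*\}\}\}|\{\{\s*(\w+)\s*\}\}/g;
  return function render(context) {
    return source.replace(MUSTACHE, (_m, rawName, escName) => {
      if (rawName !== undefined) {
        return String(context[rawName] ?? '');           // triple-stash: never escaped
      }
      const value = String(context[escName] ?? '');
      return noEscape ? value : escapeExpression(value); // double-stash: escaped unless noEscape
    });
  };
}

// Constructed untrusted input: a display name supplied by the attacker.
const ATTACKER_NAME = '<img src=x onerror="alert(document.cookie)">';

// Vulnerable: this is the shape the rule's pattern
// $X.compile(..., {noEscape: true}, ...) matches.
function renderVulnerable(name) {
  const template = compile('<p>Hello, {{name}}!</p>', { noEscape: true });
  return template({ name });
}

// Hardened: leave escaping on; the same input is rendered as inert text.
function renderSafe(name) {
  const template = compile('<p>Hello, {{name}}!</p>');
  return template({ name });
}

// Caveat: escaping on does not help if the template itself opts out with
// {{{name}}}. The rule does not flag this, so review templates as well.
function renderTripleStash(name) {
  const template = compile('<p>Hello, {{{name}}}!</p>');
  return template({ name });
}

// Crude check used only to make the difference visible: does the rendered
// HTML still contain a live tag from the attacker string?
function hasLiveTag(html) {
  return /<img\b/i.test(html);
}

console.log('noEscape:true ->', renderVulnerable(ATTACKER_NAME), hasLiveTag(renderVulnerable(ATTACKER_NAME)));
console.log('default       ->', renderSafe(ATTACKER_NAME), hasLiveTag(renderSafe(ATTACKER_NAME)));
console.log('triple-stash  ->', renderTripleStash(ATTACKER_NAME), hasLiveTag(renderTripleStash(ATTACKER_NAME)));
```

The rule only catches the global switch on compile(). Per-expression opt-outs such as {{{name}}} or wrapping a value in Handlebars.SafeString bypass escaping just the same, so a clean run of this rule is not evidence that the templates are free of XSS; treat a finding as a reason to turn the default back on and to audit every place raw output is used.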